Warcraft III, joined players slot info


Post by stargalaxy » Sun Jun 19, 2011 3:42 am

Hello,
I need a program that just gets the names of players who joined the game (Dota, BattleNet, ICCup to be clear).
So you can say it is similar to Banlist.

After looking through the GHost++ source and some forums, I didn't manage to split out some parts from GHost and write my own small program.

Please help me; in fact I need a ridiculously small program that returns
SLOT1 - Mike999
SLOT2 - Gosu89
SLOT3 - CatchMe-
SLOT4 - Vasily
SLOT5 ...
and so on


This is what I have done so far

OK, this is "what accesses" pointer of slot1.
address of pointer for slot1 = 125E78F0+1E8
(look at ESI)

Code:
6F611D4D - 57 - push edi
6F611D4E - E8 13990D00 - call GameMain+6E1E16
6F611D53 - 83 BE E8010000 00 - cmp dword ptr [esi+000001E8],00 <<
6F611D5A - 8B D8  - mov ebx,eax
6F611D5C - 74 2A - je GameMain+608538

EAX=00000000
EBX=127100A9
ECX=00000000
EDX=6F87529C
ESI=125E78F0
EDI=6F87529C
ESP=0018F5C0
EBP=09500090
EIP=6F611D5A

=======================


6F611D6A - E8 11FDFFFF - call GameMain+608230
6F611D6F - 8B 86 E4010000  - mov eax,[esi+000001E4]
6F611D75 - 8B 8E E8010000  - mov ecx,[esi+000001E8] <<
6F611D7B - 83 C0 01 - add eax,01
6F611D7E - 50 - push eax

EAX=00000008
EBX=00000000
ECX=09A92C10
EDX=00000000
ESI=125E78F0
EDI=6F87529C
ESP=0018F5C0
EBP=09500090
EIP=6F611D7B

================================


6F611DF3 - 89 86 EC010000  - mov [esi+000001EC],eax
6F611DF9 - EB 0C - jmp GameMain+6085B7
6F611DFB - 8B 96 E8010000  - mov edx,[esi+000001E8] <<
6F611E01 - 89 96 EC010000  - mov [esi+000001EC],edx
6F611E07 - 6A 01 - push 01

EAX=00000000
EBX=00000000
ECX=00000000
EDX=09A92C10
ESI=125E78F0
EDI=6F87529C
ESP=0018F5C0
EBP=09500090
EIP=6F611E01



And this is the same, but after Warcraft III reboot

Now address of pointer for slot1 = 0D8076A8+1E8
Code:
6F611D4D - 57 - push edi
6F611D4E - E8 13990D00 - call GameMain+6E1E16
6F611D53 - 83 BE E8010000 00 - cmp dword ptr [esi+000001E8],00 <<
6F611D5A - 8B D8  - mov ebx,eax
6F611D5C - 74 2A - je GameMain+608538

EAX=00000000
EBX=064400A9
ECX=00000000
EDX=6F87529C
ESI=0D8076A8
EDI=6F87529C
ESP=0018F5C0
EBP=09110090
EIP=6F611D5A

================================================

6F611D6A - E8 11FDFFFF - call GameMain+608230
6F611D6F - 8B 86 E4010000  - mov eax,[esi+000001E4]
6F611D75 - 8B 8E E8010000  - mov ecx,[esi+000001E8] <<
6F611D7B - 83 C0 01 - add eax,01
6F611D7E - 50 - push eax

EAX=00000008
EBX=00000000
ECX=093E30A8
EDX=00000000
ESI=0D8076A8
EDI=6F87529C
ESP=0018F5C0
EBP=09110090
EIP=6F611D7B


============================================


6F611DF3 - 89 86 EC010000  - mov [esi+000001EC],eax
6F611DF9 - EB 0C - jmp GameMain+6085B7
6F611DFB - 8B 96 E8010000  - mov edx,[esi+000001E8] <<
6F611E01 - 89 96 EC010000  - mov [esi+000001EC],edx
6F611E07 - 6A 01 - push 01

EAX=00000000
EBX=00000000
ECX=00000000
EDX=093E30A8
ESI=0D8076A8
EDI=6F87529C
ESP=0018F5C0
EBP=09110090
EIP=6F611E01


You can see, we have
Code:
6F611D4D - 57 - push edi
6F611D4E - E8 13990D00 - call GameMain+6E1E16
6F611D53 - 83 BE E8010000 00 - cmp dword ptr [esi+000001E8],00 <<


ESI+1E8 is that pointer for slot1,
but I cannot figure out where it gets its value from.
The only thing left to do is to detect it.

Here is the assembler code from this point, 6F611D4D:

Image

Re: Warcraft III, joined players slot info

Post by L. Spiro » Sun Jun 26, 2011 8:49 am

Trying to get that information by modifying the game code is very tedious.

Just write a simple script in MHS that scans the memory and gets the information you want.


L. Spiro
Our songs remind you of songs you’ve never heard.

Re: Warcraft III, joined players slot info

Post by stargalaxy » Tue Jul 12, 2011 7:49 am

So how to do that?
Could you give me a single clue?

Re: Warcraft III, joined players slot info

Post by L. Spiro » Tue Jul 12, 2011 8:06 am

Search the MHS help file for RAMSearch.
There is an example of how to use it in the help file.

Alternatively, there are also topics fully discussing how to perform a Script Search.
The scan itself is run via the normal searching methods you use for any search, but you provide a few script functions to perform the evaluation of each object in memory.

You can use either method.


L. Spiro
Our songs remind you of songs you’ve never heard.

